{"id":34952,"date":"2014-04-24T17:18:18","date_gmt":"2014-04-25T00:18:18","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=34952"},"modified":"2025-08-31T23:08:13","modified_gmt":"2025-09-01T06:08:13","slug":"aol-mail-spoofing","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/internet-security\/aol-mail-spoofing\/","title":{"rendered":"You\u2019ve Got Mail \u2014 But it Might be a \u2018Spoof\u2019"},"content":{"rendered":"

As Internet users everywhere are on heightened alert following the discovery of the password-compromising Heartbleed<\/a> bug earlier this month, it appears as though some web surfers just can\u2019t catch a break. This weekend, news of a potential AOL Mail breach came to light, with users airing their frustrations on Twitter using the hashtag #AOLhacked<\/a>. It turns out, however, that the AOL system was not hacked, but rather spammers have been sending \u201cspoof\u201d messages<\/a> appearing to originate from AOL Mail accounts.<\/p>\n

What, exactly, is spoofing?<\/strong><\/h2>\n

<\/b>Spoofing is when a spammer sends out emails that have your address in the \u201cFrom:\u201d field, making it appear as though the message comes from you. Here\u2019s the clincher, though\u2014according to AOL, these emails do not actually originate from AOL Mail user accounts and do not have any contact with the AOL Mail servers.<\/p>\n

This differs from a breach or a more traditional email account hack in that the spammers are not actually logging into AOL user accounts to craft and distribute malicious messages. In reality, it is the spammer\u2019s email address and servers that are being used to send the message, though they\u2019ve made it appear as though the messages are originating from a legitimate sender, in this case AOL.<\/p>\n

Unfortunately, this means that even if<\/i> AOL users change their account passwords, these \u201cspoof\u201d messages can continue to be sent, as their address book contacts have likely been recorded<\/a>.<\/p>\n

How did spammers get access to AOL Mail address books in the first place?<\/strong><\/p>\n

This much is presently unclear. Though spammers are not logging into the compromised AOL user accounts, they are sending \u201cspoof\u201d messages to these users\u2019 real address book contacts. Based on this, it appears as though these spammers were able to gain access to AOL accounts at some point in time. AOL has yet to offer an explanation on how spammers obtained a list of AOL Mail user names and the address book contacts associated with each account.<\/p>\n

How can you tell if you\u2019re being spoofed?<\/strong><\/p>\n

If you receive any \u201cmailer daemon\u201d error messages (returned messages in your inbox due to a non-existent contact, old email address, etc.) that do not coincide with emails you sent yourself, you may have been spoofed. Additionally, if you receive email replies from address book contacts that you did not originally email, you may be spoofed.<\/p>\n

Spoofed users will not<\/em> see any messages in their Sent Mail folder, which is generally an indicator that an account has been hacked<\/em>. Again, this is because cybercriminals do not actually use your AOL account to send these spoof messages, they simply take advantage of your email address and contacts while using their own servers.<\/p>\n

How can you stop a spoofing attack?<\/strong><\/p>\n

Luckily, AOL has taken measures<\/a> to help users avoid \u201cspoofing\u201d their contacts with unwanted, spammy messages. \u00a0On April 22, they updated their DMARC\u00a0policy to tell DMARC-compliant email providers such as Gmail, Yahoo! Mail, Outlook and others (including AOL Mail itself) to\u00a0reject\u00a0email from AOL addresses that are sent from non-AOL servers. This will help protect AOL Mail users\u2019 email addresses from further unauthorized abuse. Additionally, AOL has recommended that all victims change their AOL Mail passwords to prevent future unwanted account access.<\/p>\n

How can you protect your accounts and computers from getting spoofed or falling victim to \u201cspoof” messages?<\/p>\n